Privacy Notice

HISTON AND IMPINGTON VILLAGE SOCIETY

General Data Protection Regulation 2018 Notice

New regulations

Data protection regulation is changing. The 1998 Data Protection Act (with amendments) will be replaced by the General Data Protection Regulation (the GDPR), which is a national transposition of EU Directive 95/46/EC and takes effect in the UK on 25th May 2018. As a result, the Society must change its policies and procedures relating to the collection and processing of data from members and others who work with the Society.

Policy statement

The Society will store and process personal data of individuals only with their permission and use it only for the essential purposes of running the Society. You do not have to provide requested data but the Society may then be unable to provide you with information on the Society’s activities or otherwise communicate with you. All such data will be held in electronic or paper format and kept securely. An individual may at any time request a copy of the data held on that individual or request that any or all data relating to that individual be corrected or removed from the records.

Purpose Statement

The Society is a not- for- profit organisation promoting and supporting activities for the interest and benefit of the local community. Membership is by annual subscription. The Society wishes to keep data relating to members and others only for essential purposes in the running of the Society’s activities, including communicating information about the Society’s projects, meetings and publications, the keeping of financial records and preparation of publications and accounts.

Data held by the Society

As required by the GDPR, any personal data of members and other individuals with whom the Society exchanges information will be held securely by a nominated Data Controller and shared only with authorised committee members, used only for the above stated purposes and will not be distributed to any other member or third party without the express written permission of that individual. Data is kept only for current use and subsequently (for example after cessation of an individual’s membership) data may be archived for up to 12 months after which it will be permanently deleted.

Data Breaches

The Data Controller or any other authorised committee member who holds copied data will inform the chairman promptly if a breach of the data security is observed. A decision on action to be taken and whether or not the incident is to be reported to the ICO (Information Commissioner’s Office) will then be made.

Information requests

Anyone whose data is stored by the Society may at any time request a copy of the data held about that person (but not about any other person) by applying in writing to: The Data Controller, Histon and Impington Village Society, 65, Station Road, Histon, CB24 9LQ

Removal or correction of records

An individual may request removal or correction of data from the Society’s records at any time by writing to: The Data Controller, Histon and Impington Village Society, 65, Station Road, Histon, CB24 9LQ

For members, unless earlier deletion is requested, on cessation of membership for any reason, data will be stored for a limited period not exceeding 12 months from the end of the membership period. Unless the ex- member applies for and is granted new membership before the end of this period, the data will then be permanently deleted from the records.

For non – members, unless earlier deletion is requested, records will be stored until further communication is not required and then archived for up to 12 months after which the data will be permanently deleted.

Children

No data concerning children (persons under the age of 18 years) will be requested or stored by the Society.